Loading...

Assign an existing User-Assigned Managed Identity to VM from another subscription using Azure Policy

Assign an existing User-Assigned Managed Identity to VM from another subscription using Azure Policy

Azure provides a comprehensive list of built-in policy definitions (grouped by the category property defined in the metadata) which are owned and maintained by Microsoft (where the azure-policy repository contains the direct representation of these).

 

Built-in policy definitions usually cover a specific scenario although some flexibility might be provided through parameters that can be configured. However, customers might have specific needs not covered by an available built-in policy definition and a custom policy definition might be needed.

 

As a rule of thumb, if there is a built-in policy definition that covers part of a scenario, a custom policy definition can be created based on it introducing the necessary modifications.

 

Let’s take into consideration the [Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machines built-in policy definition that creates and assigns a built-in user-assigned managed identity or assigns a pre-created user-assigned managed identity at scale to virtual machines. This currently provides the user-assigned managed identity name and resource group name as parameters expecting that it is on the same subscription as the virtual machine resource. However, in a scenario where the pre-created user-assigned managed identity exists in a different subscription from the virtual machine resource, a custom policy definition is required.

 

Before creating a custom policy, it is worth checking both the Azure Policy Samples as well as the Community Policy Repository to see whether a policy definition that matches your needs already exists. Coming back to the user-assigned managed identity assignment to virtual machines where the pre-created user-assigned managed identity exists in a different subscription from the virtual machine resource scenario, a custom policy definition is available here where the user assigned managed identity resource URI (which contains the subscription ID) is provided as a parameter.

Published on:

Learn more
Azure PaaS Blog articles
Azure PaaS Blog articles

Azure PaaS Blog articles

Share post:

Related posts

Azure Toolkit for IntelliJ: Introducing the enhanced Java Code Quality Analyzer!

Discover the latest updates to the Azure Toolkit for IntelliJ, featuring an enhanced Java Code Quality Analyzer to help you write cleaner, saf...

7 hours ago

Azure Boards + GitHub: Recent Updates

Over the past several months, we’ve delivered a series of improvements to the Azure Boards + GitHub integration. Whether you’re tracking...

11 hours ago

Introducing the Azure MCP Server

This post introduces the Azure MCP Server, bringing the power of the cloud to your AI agents. The post Introducing the Azure MCP Server appear...

1 day ago

Azure OpenAI Service now authorized for all U.S. Government data classification levels

In the coming years, artificial intelligence will continue to be foundational to technical innovations for national security missions. Already...

2 days ago

GPT-4.1 is now available at Azure AI Foundry

Azure AI Foundry and AOAI (Azure OpenAI Services) keeps on getting better all the time! The latest addition in Azure AI Foundry (as of April 1...

3 days ago

Introducing Region Selection in Azure Cosmos DB Data Explorer for NoSQL Accounts

You asked—we delivered! Users can now manually select the region Data Explorer sends requests to! When you use Entra Authentication with NoSQL...

4 days ago

Microsoft Attempts to Fix Microsoft Graph PowerShell SDK Problem with Azure Automation

V2.26 and V2.26.1 of the Microsoft Graph PowerShell SDK were low-quality, buggy disasters. Microsoft aims to fix the problem in the next versi...

4 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy